Reference: CERT-EU Security Advisory 2012-0086

Title: Linux kernel insufficient data_len validation in sock_alloc_send_pskb()

Version history:
18.07.2012 Initial publication

Summary
=======
The data_len parameter of the sock_alloc_send_pskb() function is not validated before the frags of the allocated skb are set, which can lead to a heap overflow.

CVE-2012-2136

CVSS v2 Base Score: 6.2 (MEDIUM) (AV:L/AC:H/Au:N/C:C/I:C/A:C) [1]

Vulnerable systems
==================
Among others: [2,3]
Linux Kernel 2.6.x

Original Details
================
It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. Attackers can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the kernel, denying service to legitimate users. [3,4]

What can you do?
================
Fixes are available from different vendors.

What to tell your users?
========================
N/A

More information
================
[1] Information about CVSS: http://www.first.org/cvss/cvss-guide.html
[2] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2136.html
[3] http://www.securityfocus.com/bid/53721
[4] https://rhn.redhat.com/errata/RHSA-2012-1087.html

Best regards,
CERT-EU Pre-configuration Team
(http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
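
The missing validation described in the Summary, shown as a user-space C model. This is an added example, not kernel code and not part of the original advisory. All model_* names, the 4 KiB page size, the 16-slot fragment table and the -EMSGSIZE return value are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Assumed constants for this model; real kernel values depend on the build. */
#define MODEL_PAGE_SHIFT 12
#define MODEL_PAGE_SIZE  (1UL << MODEL_PAGE_SHIFT)
#define MODEL_MAX_FRAGS  16

/* Simplified stand-in for the fixed-size fragment table of a socket buffer. */
struct model_skb {
    unsigned int  nr_frags;
    unsigned long frag_size[MODEL_MAX_FRAGS];
};

/* Pages needed for data_len bytes, rounded up. Written so that it cannot
 * wrap around even when data_len is the largest unsigned long. */
static unsigned long model_pages_needed(unsigned long data_len)
{
    return (data_len >> MODEL_PAGE_SHIFT) +
           ((data_len & (MODEL_PAGE_SIZE - 1)) != 0);
}

/* Fill the fragment table for data_len bytes of paged data.
 * Returns 0 on success, or -EMSGSIZE when data_len would need more
 * fragment slots than the table holds. */
int model_fill_frags(struct model_skb *skb, unsigned long data_len)
{
    unsigned long npages = model_pages_needed(data_len);
    unsigned long i;

    /* The bound check: without it, the loop below writes past
     * frag_size[MODEL_MAX_FRAGS - 1] for a large enough data_len. */
    if (npages > MODEL_MAX_FRAGS)
        return -EMSGSIZE;

    skb->nr_frags = (unsigned int)npages;
    for (i = 0; i < npages; i++) {
        unsigned long chunk =
            data_len > MODEL_PAGE_SIZE ? MODEL_PAGE_SIZE : data_len;
        skb->frag_size[i] = chunk;
        data_len -= chunk;
    }
    return 0;
}
```

The check has to run before any fragment slot is written, and the page count has to be computed without integer wrap-around, otherwise a very large data_len could pass the comparison.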